The privacy of your health information has always been important
to us. The Fund does not sell
information to telemarketers, lenders, or financial institutions, and your
health information is not made available to your employer. Federal privacy
rules first became effective under the Health Insurance Portability and
Accountability Act ("HIPAA") as of April 14, 2003.
The Employment Partners Benefits Fund (the "Fund" or
"Plan") is providing you with an outline of its Amended and Restated
Privacy Policy, updated to comply with final 2013 regulations of the U.S.
Department of Health and Human Services, modifying existing privacy, security,
enforcement and breach notification regulations. The Amended and Restated Policy reflects
changes required under the Health Information Technology for Economic and
Clinical Health Act ("HI-Tech Act") and the Genetic Information
Nondiscrimination Act ("GINA").
However, due to new federal privacy rules that are part of HIPAA,
we now operate under some very strict and detailed legal requirements affecting
how health insurers, benefit plans and health care providers handle medical
information.
The Fund contracts with several health service organizations,
which it supervises, for administrative services, such as Highmark Blue Cross
Blue Shield, United Concordia and others.
These business associates will be your initial contact on matters
involving the processing of claims. We
urge you to contact those entities directly with you questions concerning the
status of claims.
The Fund has taken steps to ensure that those associated groups
are in compliance with the new federal privacy rules. Some of these entities may confirm their
compliance with the new federal privacy rules by sending you privacy notices
similar to this notice. If you have not
already received Privacy Notices from these organizations, you may receive
their notices in the near future. These
associated entities and the Fund are governed by the same federal regulations
which require issuance of this type of privacy notice. The federal regulations which protect your
right to privacy first became effective April 14, 2003. Through this Privacy Notice, the Fund hereby
acknowledges the modifications and additions to its Privacy Policies which became
effective September 23, 2013 concerning modification regarding security of
information, including electronic records, and procedures required when
electronic PHI security has been breached.
The Fund is required by law to take reasonable steps to ensure
the privacy and security of health information transmitted, created or
maintained in its records which personally identifies you. This information is called "Protected
Health Information" or "PHI". In some instances, communications containing
PHI will require that you sign authorization forms so that information may be
provided to your personal representative.
The purpose of this notice is to inform you about:
The term "Protected Health Information" (PHI) includes
all individually identifiable health information transmitted or maintained by
the Fund, regardless of form (oral, written, electronic).
Section 1. Notice Of PHI
Uses And Disclosures For Treatment, Payment And Health Care Operations
The Fund and its business associates will continue to use PHI
without asking you to sign consent and authorization forms but such use of PHI
will be solely for purposes of treatment, payment and health care operations. The Trustees of the Fund have amended the
Agreement and Declaration of Trust to protect your PHI as required by federal
law.
Treatment is the provision, coordination or management of health care and
related services. It also includes but
is not limited to consultations and referrals between one or more of your
providers.
For example, the Fund may disclose to a treating orthodontist the
name of your treating dentist so that the orthodontist may ask for your dental
X-rays from the treating dentist.
Payment includes but
is not limited to actions to make coverage determinations and payment (including
billing, claims management, subrogation, Fund reimbursement, reviews for
medical necessity and appropriateness of care and utilization review and pre-authorizations).
For example, the Fund may tell a doctor whether you are eligible
for coverage or what percentage of the bill will be paid by the Fund.
Health Care Operations
include but are not limited to quality
assessment and improvement, reviewing competence or qualifications of health
care professionals, underwriting, premium rating and other insurance activities
relating to creating or renewing insurance contracts. It also includes disease management, case
management, conducting or arranging for medical review, legal services and
auditing functions including fraud and abuse compliance programs, business
planning and development, business management and general administrative
activities. However, no genetic
information can be used or disclosed for underwriting purposes.
For example, the Fund may use information about your claims to
refer you to a disease management program, project future benefit costs or
audit the accuracy of its claims processing functions.
Uses and disclosures which require that you be given an
opportunity to agree or disagree prior to the use or release
Unless you object, the Fund may provide relevant portions of your
protected health information to a family member, friend or other person you
indicate is involved in your health care or in helping you receive payment for
your health care. Also, if you are not
capable of agreeing or objecting to these disclosures because of, for instance,
an emergency situation, the Fund will disclose protected health information (as
the Fund determines) in your best interest.
After the emergency, the Fund will give you the opportunity to object to
future disclosures to family and friends.
Uses and disclosures for which consent, authorization or
opportunity to object is not required
Use and disclosure of your PHI is allowed without your consent,
authorization or request under the following circumstances (for more
information see: www.hhs.gov/ocr/
privacy/hipaa/understanding/consumers/index.html):
(1) For treatment, payment and health care
operations.
(2) Enrollment information can be provided to the
Trustees.
(3) Summary
health information can be provided to the Trustees for the purposes designated
above.
(4) When required by law.
(5) When permitted for purposes of public health
activities, including when necessary to report product defects, to permit
product recalls and to conduct post-marketing surveillance. PHI may also be used or disclosed if you have
been exposed to a communicable disease or are at risk of spreading a disease or
condition, if authorized by law.
(6) When authorized by law to report information
about abuse, neglect or domestic violence to public authorities if there exists
a reasonable belief that you may be a victim of abuse, neglect or domestic
violence. In such case, the Fund will
promptly inform you that such a disclosure has been or will be made unless that
notice would cause a risk of serious harm.
For the purpose of reporting child abuse or neglect, it is not necessary
to inform the minor that such a disclosure has been or will be made. Disclosure may generally be made to the minor's parents or other representatives although there may be
circumstances under federal or state law when the parents or other
representatives may not be given access to the minor's PHI.
(7) The Fund may disclose your PHI to a public
health oversight agency for oversight activities authorized by law. This includes uses or disclosures in civil,
administrative or criminal investigations; inspections; licensure or
disciplinary actions (for example, to investigate complaints against providers);
and other activities necessary for appropriate oversight of government benefit
programs (for example, to investigate Medicare or Medicaid fraud).
(8) The Fund may disclose your PHI when required
for judicial or administrative proceedings.
For example, your PHI may be disclosed in response to a subpoena or
discovery request.
(9) When required for law enforcement purposes
(for example, to report certain types of wounds).
(10) For law enforcement purposes, including for the
purpose of identifying or locating a suspect, fugitive, material witness or
missing person. Also, when disclosing
information about an individual who is or is suspected to be a victim of a
crime but only if the individual agrees to the disclosure or the covered entity
is unable to obtain the individua's agreement because of emergency circumstances. Furthermore, the law enforcement official
must represent that the information is not intended to be used against the
individual, the immediate law enforcement activity would be materially and
adversely affected by writing to obtain the individual's agreement and disclosure is in the best interest of the
individual as determined by the exercise of the Fund's best judgment.
(11) When required to be given to a coroner or
medical examiner for the purpose of identifying a deceased person, determining
a cause of death or other duties as authorized by law. Also, disclosure is permitted to funeral
directors, consistent with applicable law, as necessary to carry out their
duties with respect to the decedent.
(12) The Fund may use or disclose PHI for research,
subject to conditions.
(13) When consistent with applicable law and
standards of ethical conduct if the Fund, in good faith, believes the use or
disclosure is necessary to prevent or lessen a serious and imminent threat to
the health or safety of a person or the public and the disclosure is to a
person reasonably able to prevent or lessen the threat, including the target of
the threat.
(14) When authorized by and to the extent necessary
to comply with workers'
compensation or other similar programs established by law.
Uses and disclosures that require your written authorization
Other uses or disclosures of your protected health information
not described above will only be made with your written authorization. For example, in general and subject to
specific conditions, the Fund will not use or disclose your psychiatric notes;
the Fund will not use or disclose your protected health information for
marketing; and the Fund will not sell your protected health information, unless
you provide a written authorization to do so.
You may revoke written authorizations at any time, so long as the
revocation is in writing. Once the Fund
receives your written revocation, it will only be effective for future uses and
disclosures. It will not be effective
for any information that may have been used or disclosed in reliance upon the
written authorization and prior to receiving your written revocation.
Section
2. Rights Of Individuals
Uses
and disclosures that require your written authorization
Your written authorization generally will be obtained before the Fund
will use or disclose psychotherapy notes about you from your
psychotherapist. Psychotherapy notes are
separately filed notes about your conversations with your mental health
professional during a counseling session.
They do not include summary information about your mental health
treatment. The Fund may use and disclose
such notes when needed by the Fund to defend against litigation filed by you.
Uses and disclosures that require that you be given an
opportunity to agree or disagree prior to the use or release
Disclosure of your PHI to family members and other relatives may
be allowed if:
In light of the fact that the Fund contracts with a number of
organizations who are involved in the processing of information, it is likely
that some may impose limitations which you do not want to have be imposed. For instance, some may insist that all
communications must be had with only the person receiving medical services and,
therefore, refuse to communicate with your spouse. Generally, we will assume that a spouse or
parent is authorized to request an individual's PHI. However, if you are
asked to provide a written authorization, this federal regulation is the
reason. Some will want to prohibit the Fund
from disclosing PHI to a spouse and should submit a form to document this wish.
Right to Request Restrictions on PHI Uses and Disclosures
You may request the Fund to restrict uses and disclosures of your
PHI to carry out treatment, payment or health care operations, or to restrict
uses and disclosures to family members, relatives, friends or other persons
identified by you who are involved in your care or payment for your care. The
Fund will attempt to honor your request; however, if the request cannot be
honored, please note that the Fund is under no legal obligation to do so.
Right to Request Confidential Communications
The Fund will accommodate reasonable requests to receive
communications of PHI by alternative means or at alternative locations if
necessary to prevent a disclosure that could endanger you.
You or your personal representative will be required to submit a
written request to exercise this right.
Such requests should be made to the Fund's Privacy Official.
You or your personal representative will be required to complete
a form to request restrictions on uses and disclosures of your PHI.
Right to Inspect and Copy PHI
You have a right to inspect and obtain a copy of your PHI
contained in a "designated record set," for as long as the Fund
maintains the PHI. If the information
you request is in an electronic designated record set, you may request that
these records be transmitted electronically (flash drive, disk or e-mail) to
yourself or a designated individual in non-encrypted form.
"Protected Health Information" (PHI) includes all individually identifiable health information
transmitted or maintained by the Fund, regardless of form.
"Designated Record Set" includes the medical records and billing records about
individuals maintained by or for a covered health care provider; enrollment,
payment, billing, claims adjudication and case or medical management record
systems maintained by or for a health plan; or other information used in whole
or in part by or for the covered entity to make decisions about
individuals. Information used for
quality control or peer review analyses and not used to make decisions about
individuals is not in the designated record .
The requested information will be provided within 30 days if the
information is maintained on site or within 60 days if the information is
maintained off-site. A single 30-day
extension is allowed if the Fund is unable to comply with the deadline.
You or your personal representative will be required to complete
the Fund's "Form for Access to PHI" to request access to the PHI in
your designated record set according to the Fund's Access Policy. A reasonable, cost-based fee for copying or
transferring records to electronic media may be charged.
If access is denied, you or your personal representative will be
provided with a written denial setting forth the basis for the denial, a
description of how you may exercise those review rights and a description of
how you may complain to the Secretary of the U.S. Department of Health and
Human Services.1
Right to Amend PHI
You have the right to request the Fund to amend your PHI or a
record about you in a designated record set for as long as the PHI is
maintained in the designated record set.
The Fund has 60 days after the request is made to act on the
request. A single 30-day extension is
allowed if the Fund is unable to comply with the deadline. If the request is denied in whole or part,
the Fund must provide you with a written denial that explains the basis for the
denial. You or your personal
representative may then submit a written statement disagreeing with the denial
and have that statement included with any future disclosures of your PHI.
You or your personal representative will be required to complete
a form to request amendment of the PHI in your designated record set. The form will ask you to provide a reason to
support a requested amendment.
The Right to Receive an Accounting of PHI Disclosures
At your request, the Fund will also provide you with an accounting
of disclosures by the Fund of your PHI during the six years prior to the date
of your request. However, such
accounting need not include PHI disclosures made: (1) to carry out treatment,
payment or health care operations; (2) pursuant to your authorizations; (3) where
otherwise permissible under the law and the Fund's privacy practices. In addition, the Fund need not account for
certain incidental disclosures.
If the accounting cannot be provided within 60 days, an
additional 30 days is allowed if the individual is given a written statement of
the reasons for the delay and the date by which the accounting will be
provided.
If you request more than one accounting within a 12-month period,
the Fund will charge a reasonable, cost-based fee for each subsequent
accounting.
The Right to Receive a Paper Copy of This Notice Upon Request
This Notice of Privacy Practices is being provided to all
participants on paper, but it is also available on the Fund's Web site: www.epbfund.com.
A Note About Personal Representatives
You may exercise your rights through a personal
representative. Your personal
representative will be required to produce evidence of his/her authority to act
on your behalf before that person will be given access to your PHI or allowed
to take any action for you. Proof of
such authority may take one of the following forms:
The Fund retains discretion to deny access to your PHI to a
personal representative to provide protection to those vulnerable people who
depend on others to exercise their rights under these rules and who may be
subject to abuse or neglect. This also
applies to personal representatives of minors.
Section 3. The Fund's Duties
The Fund is required by law to maintain the privacy of PHI and to
provide individuals (participants and beneficiaries) with notice of its legal
duties and privacy practices.
This Notice is effective September 23, 2013, and the Fund is
required to comply with the terms of this Notice. The Fund reserves the right to change its
privacy practices and to apply the changes to any PHI received or maintained by
the Fund prior to that date. If a
privacy practice is changed, a revised version of this notice will be provided
in publications, or by mail.
Any revised version of this notice will be distributed within 60
days of the effective date of any material change to the uses or disclosures,
the individual's
rights, the duties of the Fund or other privacy practices stated in this
notice.
Minimum Necessary Standard
When using or disclosing PHI or when requesting PHI from another
covered entity, the Fund will make reasonable efforts not to use, disclosure or
request more than the minimum amount of PHI necessary to accomplish the
intended purpose of the use, disclosure or request, taking into consideration
practical and technological limitations.
When required by law, the Fund will restrict disclosures to the limited
data set, or otherwise as necessary, to the minimum necessary information to
accomplish the intended purpose.
However, the minimum necessary standard will not apply in the
following situations:
De-Identified Information
This notice does not apply to information that has been
de-identified. De-identified information
is information that does not identify an individual and with respect to which
there is no reasonable basis to believe that the information can be used to
identify an individual.
Summary Health Information
The Fund may use or disclosure "summary health
information" to the plan sponsor for obtaining premium bids or modifying,
amending or terminating the group health plan.
"Summary Health Information" is that which summarizes the
claims history, claims expenses or type of claims experienced by individuals
for whom a plan sponsor has provided health benefits under a group health plan
and from which identifying information has been deleted in accordance with
HIPAA.
Notification of Breach
The Fund is required by law to maintain the privacy of
participants' PHI and to provide individuals with notice of its legal duties
and privacy practices. In the event of a
breach of unsecured PHI, the Fund will notify affected individuals of the
breach.
Section 4. Complaint
Procedure
If you believe that your privacy rights have been violated, you
may complain to the Fund in care of the following representative who has been
designated as the Fund's Privacy Officer:
William L. Parry, Jr., Director
Employment Partners Benefits Fund
50 Abele Road, Suite 1005
Bridgeville, PA 15017
412-363-2700
Alternatively, you may file a complaint with the Secretary of the
U.S. Department of Health and Human Services Office of Civil Rights by sending
a letter to Hubert H. Humphrey Building, 200 Independence Avenue S.W.,
Washington, D.C. 20201; calling 1-877-696-6775; or visiting:
www.hhs.gov/ocf/privacy/hipaa/complaints/.
The Fund will not retaliate against you for filing a complaint.
Section 5. Additional
Information
If you have any questions regarding this notice, any of the forms
mentioned, or the subjects addressed in it, you may contact the Fund's Privacy
Officer identified in Section 4.
Conclusion
PHI use and disclosure by the Fund is regulated by a federal law
known as HIPAA (the Health Insurance Portability and Accountability Act). This Privacy Notice acknowledges that the Fund
is complying with the law. You may find
the federal regulations at 45 Code of Federal Regulations Parts 160 and
164. This notice attempts to summarize
the regulations. The regulations will
supersede any discrepancy between the information in this Notice and the
regulations.
Amendment and Restatement of Privacy Notice.epbf.Jan22